CVE-2025-40800

CWE-295 — Improper Certificate Validation4 documents4 sources

Severity

9.1CRITICAL

EPSS

0.0%

top 92.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Comos V10.6 Siemens NX V2412 Siemens NX V2506 +4 more

Timeline

PublishedDec 9

Description

A vulnerability has been identified in COMOS V10.6 (All versions < V10.6.1), COMOS V10.6 (All versions < V10.6.1), NX V2412 (All versions < V2412.8700), NX V2506 (All versions < V2506.6000), Simcenter 3D (All versions < V2506.6000), Simcenter Femap (All versions < V2506.0002), Solid Edge SE2025 (All versions < V225.0 Update 10), Solid Edge SE2026 (All versions < V226.0 Update 1). The IAM client in affected products is missing server certificate validation while establishing TLS connections to th…

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Packages7 packages

▶CVEListV5siemens/solid_edge_se2025< V225.0 Update 10

▶CVEListV5siemens/solid_edge_se2026< V226.0 Update 1

▶CVEListV5siemens/nx_v2506< V2506.6000

▶CVEListV5siemens/simcenter_femap< V2506.0002

▶CVEListV5siemens/nx_v2412< V2412.8700

🔴Vulnerability Details

CVEList

CVE-2025-40800: A vulnerability has been identified in COMOS V10↗2025-12-09

▶

GHSA

GHSA-xg9v-jc69-p54f: A vulnerability has been identified in COMOS V10↗2025-12-09

▶

🕵️Threat Intelligence

Wiz

CVE-2025-40800 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶